Podcasts about Siem

  • 584 PODCASTS
  • 1,480 EPISODES
  • 41m AVG DURATION
  • 5 WEEKLY NEW EPISODES
  • Jul 30, 2025 LATEST

POPULARITY (chart of podcast popularity by year, 2017 to 2024; figure not reproduced)


Latest podcast episodes about Siem

AWS for Software Companies Podcast
Ep125: Bridging the gap between requirements and budget - Better data while still controlling costs
Jul 30, 2025 | 25:39

Ed Bailey, Field CISO at Cribl, shares how Cribl and AWS are helping customers rethink their data strategy by making it easier to modernize, reduce complexity, and unlock long-term flexibility.

Topics include:
  • Ed Bailey introduces the topic: bridging the gap between security data requirements and budget
  • Companies face a mismatch: 10TB data needs vs 5TB licensing budget constraints
  • Data volumes growing exponentially while budgets remain relatively flat year-over-year
  • IT security data differs from BI: enormous volume, variety, complexity
  • Many companies discover 600+ data sources during SIEM migration projects
  • 50% of SIEM data remains un-accessed within 90 days of ingestion
  • Complex data collection architectures break frequently and require excessive maintenance
  • Teams spend 80% of their time collecting data, only 20% analyzing it for value
  • Data collection and storage are costs; analytics and insights provide business value
  • Poor data quality creates operational chaos requiring dozens of browser tabs
  • SOC analysts struggle with context switching across multiple disconnected systems
  • Traditional vendor approach ("give us all data, we'll solve problems") is outdated
  • Data modernization requires sharing information widely across organizational business units
  • Data maturity model progression: patchwork → efficiency → optimization → innovation
  • Data tiering strategy: route expensive SIEM data vs cheaper data lake storage
  • SIEM costs ~$1/GB while data lakes cost ~$0.15-0.20/GB for storage
  • Compliance retention data should go to object storage at penny fractions
  • Decouple data retention from vendor tools to enable migration flexibility
  • Cribl platform offers integrated solutions: Stream, Search, Lake, Edge components
  • Customer success: Siemens reduced 5TB to 500GB while maintaining security effectiveness

Participants: Edward Bailey – Field CISO, Cribl

Further links: Cribl Website; Cribl on AWS Marketplace

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Cloud Security Podcast by Google
EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI
Jul 28, 2025 | 27:15

Guest: Manija Poulatova, Director of Security Engineering and Operations at Lloyd's Banking Group

Topics:
  • SIEM migration is hard, and it can take ages. Yours was - given the scale and the industry - on a relatively short side of 9 months. What's been your experience so far with that and what could have gone faster?
  • Anton might be a "reformed" analyst but I can't resist asking a three-legged-stool question: of the people/process/technology aspects, which are the hardest for this transformation? What helped the most in solving your big challenges?
  • Was there a process that people wanted to keep but it needed to go for the new tool?
  • One thing we talked about was the plan to adopt composite alerting techniques and what we've been calling the "funnel model" for detection in Google SecOps. Could you share what that means and how your team is adopting it?
  • There are a lot of moving parts in a D&R journey from a process and tooling perspective; how did you structure your plan and why?
  • It wouldn't be our show in 2025 if I didn't ask at least one AI question! What lessons do you have for other security leaders preparing their teams for the AI in SOC transition?

Resources:
  • EP234 The SIEM Paradox: Logs, Lies, and Failing to Detect
  • EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective
  • EP231 Beyond the Buzzword: Practical Detection as Code in the Enterprise
  • EP184 One Week SIEM Migration: Fact or Fiction?
  • EP125 Will SIEM Ever Die: SIEM Lessons from the Past for the Future
  • EP223 AI Addressable, Not AI Solvable: Reflections from RSA 2025
  • "Maverick" — Scorched Earth SIEM Migration FTW! blog
  • "Hack the box" site

Microsoft Mechanics Podcast
New data lake in Microsoft Sentinel
Jul 24, 2025 | 9:22 | Transcription Available

Centralize, retain, and query high-volume, long-term security data across Microsoft and third-party sources for up to 12 years using Microsoft Sentinel's new unified data lake. Correlate signals, run advanced analytics, and perform forensic investigations from a single copy of data—without costly migrations or data silos. Detect persistent, low-and-slow attacks with greater visibility, automate responses using scheduled jobs, and generate predictive insights by combining Copilot, KQL, and machine learning. Vandana Mahtani, Microsoft Sentinel Principal Product Manager, shows how to uncover long-running threats, streamline investigations, and automate defenses—all within a unified, AI-powered SIEM experience.

► QUICK LINKS:
  • 00:00 - Microsoft Sentinel Data Lake
  • 01:49 - Data Management
  • 02:46 - Table Management
  • 03:36 - Data Lake exploration
  • 04:17 - Advanced Hunting
  • 05:23 - Query retention data
  • 06:16 - Automate threat detection
  • 07:18 - Move from reactive to predictive
  • 08:50 - Wrap up

► Link References: Check out https://aka.ms/SentinelDataLake

► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.
  • Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries
  • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog
  • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast

► Keep getting this insider knowledge, join us on social:
  • Follow us on Twitter: https://twitter.com/MSFTMechanics
  • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/
  • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/
  • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

Irish Tech News Audio Articles
Paradyn forecasts €1.6 million in revenues from ManageEngine partnership in 2025
Jul 24, 2025 | 3:43

Paradyn, one of Ireland's leading managed service and cybersecurity providers, has announced projected revenues of over €1.6 million in 2025 from its strategic partnership with ManageEngine, a global provider of enterprise IT management solutions. This marks a significant 100% increase from the €800,000 recorded in 2024. With a focus on the public sector, Paradyn forecasts continued momentum, anticipating 40% year-on-year growth in revenues from ManageEngine offerings.

Paradyn has successfully delivered ManageEngine solutions to more than 50,000 users across 40 public sector organisations and government agencies in Ireland, including the ESB, Teagasc, National Concert Hall, Dun Laoghaire County Council, Cork County Council, and Kildare County Council. The partnership has also enabled Paradyn to expand its public sector client base by 20%, underscoring the demand for robust, scalable IT management tools within government institutions.

ManageEngine, the IT management division of Zoho Corporation, provides a broad suite of more than 60 enterprise-grade tools that address the end-to-end IT operations lifecycle - covering network and server monitoring, endpoint management, IT service management (ITSM), identity and access management, and security information and event management (SIEM). These tools empower public sector bodies to increase automation, improve visibility across their IT environments, reduce operational costs, and bolster their cybersecurity posture - all while ensuring that services to citizens are delivered reliably and securely.

Paradyn's in-depth knowledge of public sector IT requirements, combined with its cybersecurity consulting and professional services, ensures that ManageEngine implementations are aligned with Ireland's evolving regulatory landscape, including the EU's NIS2 directive. Together, the two organisations offer a comprehensive and scalable solution for managing IT infrastructure securely and efficiently.

Grace McCauley, Head of Sales - Managed Services, Paradyn, said: "Our partnership with ManageEngine allows us to deliver best-in-class IT management and cybersecurity solutions tailored to the public sector. As public services continue to digitalise, the need for reliable, secure, and cost-effective infrastructure becomes paramount. We're proud to be supporting the government in delivering modern, resilient digital services to citizens."

ManageEngine's proven technology and Paradyn's hands-on approach help public sector agencies future-proof their IT environments, safeguard sensitive citizen data, and achieve operational excellence in an increasingly complex threat landscape. See more stories here.

More about Irish Tech News: Irish Tech News is Ireland's No. 1 online tech publication and often Ireland's No. 1 tech podcast too. You can find hundreds of fantastic previous episodes and subscribe using whatever platform you like via our Anchor.fm page here: https://anchor.fm/irish-tech-news. If you'd like to be featured in an upcoming podcast, email us at Simon@IrishTechNews.ie now to discuss. Irish Tech News has a range of services available to help promote your business. Why not drop us a line at Info@IrishTechNews.ie now to find out more about how we can help you reach our audience. You can also find and follow us on Twitter, LinkedIn, Facebook, Instagram, TikTok and Snapchat.

BlueDragon Podcast
S02E08 Bridging SecOps and Compliance - Purav Desai
Jul 22, 2025 | 60:12

In this episode of the Blue Dragon podcast, I interview Purav Desai, a dual Microsoft MVP recognized for his contributions in the fields of SIEM, XDR, and Microsoft Purview compliance. We discuss Purav's journey to becoming an MVP, his role as an incident responder, and the strategic importance of Microsoft Purview in governance and compliance. The conversation also covers the significance of eDiscovery in legal preparedness, common misconceptions about Microsoft security, and the implementation of data classification policies. Purav shares insights on how organizations can start their journey in Microsoft security and the evolution of data protection in collaborative tools like Teams.

In this conversation, Purav discusses the balance between automation and human oversight in cybersecurity, emphasizing the importance of understanding processes before automating them. He shares a real-world incident response case that highlights the need for authority and trust in managing security incidents. The discussion also covers the emerging threat of insider risks, particularly in light of layoffs, and how organizations can leverage Microsoft tools to mitigate these risks. Finally, Purav reflects on the choice between adopting a single ecosystem versus a best-of-breed approach in security solutions, and shares his future aspirations in the cybersecurity field.

LINKS
  • BlueDragon: bluedragonpodcast.com
  • Purav Desai's LinkedIn: https://www.linkedin.com/in/purav-da346393/
  • Purav Desai's GitHub: https://github.com/PuravsPoint
  • Purav Desai's DecipheringUAL series: https://github.com/PuravsPoint/DecipheringUAL

CHAPTERS
  • (00:00:00) INTRO
  • (00:00:30) Introduction to Purav Desai and His Achievements
  • (00:03:49) Journey to Becoming a Dual Microsoft MVP
  • (00:06:25) Role of an M365/Azure Incident Responder
  • (00:09:04) Understanding Microsoft Purview Compliance and Governance
  • (00:12:32) eDiscovery and Legal Preparedness
  • (00:15:24) Common Misconceptions About Microsoft Purview
  • (00:17:54) Implementing Data Classification Policies
  • (00:22:54) The Evolution of Data Protection in Teams
  • (00:26:32) Starting with Microsoft Security for Mid-Sized Organizations
  • (00:30:04) Mature Endpoint Detection and Response Strategies
  • (00:32:28) Balancing Automation and Human Oversight
  • (00:38:09) Real-World Incident Response Lessons
  • (00:46:10) Navigating European Regulations and Insider Threats
  • (00:51:55) Ecosystem Choices: Best of Breed vs. All-in-One
  • (00:55:51) Future Aspirations and Community Contributions
  • (00:59:36) OUTRO

Cloud Security Podcast by Google
EP234 The SIEM Paradox: Logs, Lies, and Failing to Detect
Jul 14, 2025 | 37:59

Guest: Svetla Yankova, Founder and CEO, Citreno

Topics:
  • Why do so many organizations still collect logs yet don't detect threats? In other words, why is our industry spending more money than ever on SIEM tooling and still not "winning" against Tier 1 ... or even Tier 5 adversaries?
  • What are the hardest parts about getting the right context into a SOC analyst's face when they're triaging and investigating an alert? Is it integration? SOAR playbook development? Data enrichment? All of the above?
  • What are the organizational problems that keep organizations from getting the full benefit of the security operations tools they're buying?
  • Top SIEM mistakes? Is it trying to migrate too fast? Is it accepting a too slow migration? In other words, where are expectations tyrannical for customers? Have they changed much since 2015?
  • Do you expect people to write their own detections? Detection engineering seems popular with elite clients and nobody else; what can we do?
  • Do you think AI will change how we SOC (Tim: "SOC" is not a verb?) in the next 1-3-5 years?
  • Do you think that AI SOC tech is repeating the mistakes SOAR vendors made 10 years ago? Are we making the same mistakes all over again? Are we making new mistakes?

Resources:
  • EP223 AI Addressable, Not AI Solvable: Reflections from RSA 2025
  • EP231 Beyond the Buzzword: Practical Detection as Code in the Enterprise
  • EP228 SIEM in 2025: Still Hard? Reimagining Detection at Cloud Scale and with More Pipelines
  • EP202 Beyond Tiered SOCs: Detection as Code and the Rise of Response Engineering
  • "RSA 2025: AI's Promise vs. Security's Past — A Reality Check" blog
  • Citreno, The Backstory
  • "Parenting Teens With Love And Logic" book (as a management book)
  • "Security Correlation Then and Now: A Sad Truth About SIEM" blog (the classic from 2019)

InfosecTrain
SOC Masterclass: Tools, Roles & Real-Time Threat Response Strategies
Jul 11, 2025 | 69:37

In this expert-led session, we take you inside the world of the Security Operations Center (SOC) — the command center of modern cybersecurity. Learn how SOCs monitor, detect, and respond to threats in real time using tools like SIEM, threat intelligence, and automated response systems. We cover essential SOC functions including incident response, proactive threat hunting, and compliance alignment, while also diving into core roles such as SOC Analysts, Threat Hunters, and Incident Responders. You'll gain practical insights into SOC maturity models, workflow optimization, and how to use leading tools like Splunk, ELK, and QRadar. Perfect for aspiring SOC professionals or teams aiming to enhance their detection and response capabilities.

InfosecTrain
CISSP Domain 6: Security Assessment & Testing Strategies Explained
Jul 10, 2025 | 35:01

In this session, we explore Domain 6 of the CISSP certification — Security Assessment & Testing — one of the most critical areas for identifying vulnerabilities, validating controls, and ensuring compliance. You'll dive deep into testing methodologies such as penetration testing, vulnerability scanning, risk assessments, and continuous monitoring. We also cover static and dynamic analysis, log review processes, and how to implement SIEM, IDS/IPS, and automation frameworks to strengthen system defenses. Whether you're studying for CISSP or sharpening your security testing skills, this episode provides real-world insights, exam tips, and a solid foundation for mastering Domain 6 — all mapped to frameworks like NIST, ISO 27001, and PCI DSS.

LEHMANN HUEBER Talk
#121: Why is Munich so expensive?
Jul 10, 2025 | 26:25

Munich is neither the capital nor the largest metropolis of Germany – and yet it is by far the most expensive real-estate location. Marc and Sebastian of LEHMANN HUEBER Immobilien discuss several factors that lift real-estate prices in our Bavarian state capital so far above the level of the other Top-7 cities. They also compare Munich with Frankfurt, Hamburg and Berlin and explain the structural differences. [Advertisement]

Open Source Startup Podcast
E177: RunReveal's Anti SIEM SIEM Platform (With AI That Actually Works!)
Jul 8, 2025 | 43:33

Alan Braithwaite is Co-Founder & CTO of RunReveal, the security data platform with real-time monitoring, built-in detections, and AI-powered investigations. Today, they manage and analyze security logs for teams at Harvey, ClickHouse, Cloudflare, and Temporal. RunReveal has multiple open source projects including event stream processing library kawa and query language pql. RunReveal has raised from investors including Costanoa, Modern Technical Fund, and Runtime Ventures.

In this episode, we dig into:
  • Why today's modern security teams are rethinking data management
  • The benefits of building RunReveal on ClickHouse
  • How they worked with early believers / customers like Temporal
  • Their open source strategy and building trust with the community through open sourcing components like their event processing library
  • Their MCP server and enabling security teams to use AI to automate investigations (including the launch of their new remote MCP server)

InfosecTrain
AI in Cybersecurity: Next-Gen Tools for Smarter, Faster Threat Defense
Jul 7, 2025 | 17:17

In this session, we explore how Artificial Intelligence is revolutionizing cybersecurity, making digital defenses more intelligent, automated, and proactive. From detecting threats in real time to automating incident response, AI is transforming how organizations protect against modern cyberattacks. You'll learn how machine learning, behavior-based analytics, and AI-enhanced SIEM and EDR tools are helping security teams predict, detect, and respond to threats faster than ever before. We also cover how AI is reshaping SOC operations and why it's key to building resilient cyber defenses in an increasingly complex threat landscape.

InfosecTrain
Proactive Threat Hunting: Techniques to Detect & Stop Attacks Early
Jul 6, 2025 | 59:27

In this session, we break down the core principles of proactive threat hunting — a critical skill for identifying and stopping cyber threats before they cause damage. Learn how security teams use behavioral analysis, threat intelligence, and tools like SIEM and EDR to detect hidden threats and reduce dwell time. We cover the techniques and mindset required to hunt down threats lurking within systems, and show how a proactive approach dramatically improves an organization's ability to prevent breaches and respond effectively. You'll also get a glimpse into advanced threat hunting and DFIR training, including hands-on learning designed to prepare you for real-world challenges in cybersecurity.

Irish Tech News Audio Articles
Ekco acquires Adapt IT, bringing acquisition spend to €57M in two years
Jul 4, 2025 | 4:05

Ekco, one of Europe's leading security-first managed service providers, has announced that it has acquired Adapt IT, a Cork-headquartered IT managed service provider (MSP). The new deal, which is Ekco's sixth acquisition in two years, brings Ekco's total acquisition investment to €57 million within this timeframe.

In business for more than 20 years, Adapt IT employs 37 people at its Cork location, serving customers in the small-and-medium-sized enterprises (SME) market. Its 300-strong customer base operates in industries such as manufacturing, retail, hospitality, legal, and finance. The deal bolsters Ekco's ability to support fast-growing SMEs with unified, secure, and scalable technology solutions.

The acquisition of Adapt IT brings Ekco's global headcount to more than 1,000 employees and adds a seventh Irish location to its growing regional network. In addition to its three sites in Dublin, Ekco now operates in Cork, Waterford, and Laois, as well as across the UK, Netherlands, South Africa, and Malaysia.

Adapt IT's expertise in Microsoft solutions will strengthen Ekco's modern working service offering for its customers, and its MSP focus will further build upon Ekco's existing managed service capabilities. Adapt IT's customer base will now benefit from Ekco's suite of advanced cloud services, automation expertise, and cybersecurity capabilities in areas including security information and event management (SIEM), security operations centres (SOC), and backup. As the cybersecurity regulatory landscape continues to evolve, Ekco will also provide peace of mind through its compliance services. Additionally, Adapt IT's teams will be able to avail of comprehensive upskilling, certification, and continuous learning opportunities to keep pace with industry demand.

The deal is the latest in Ekco's wider acquisition strategy for growth and brings the total number of businesses acquired by Ekco in the last two years to six. Earlier this year, the company announced the purchase of Predatech, a UK-based cybersecurity consultancy. In 2024, it added UK legal IT specialist CTS to its portfolio of companies. 2023 saw the additions of MSPs Radius and Bluecube, as well as cloud migration and cybersecurity specialist iSystems.

Cian Prendergast, CEO at Ekco MSP, said: "The acquisition of Adapt IT is the latest move in our aggressive expansion strategy which targets key acquisitions combined with sustained business growth. This strategy reflects an investment in innovation that will make us in Ekco, and our acquired companies, stronger as a result. We're building a modern, security-first MSP that helps ambitious businesses to operate with confidence and resilience.

"Adapt IT, like us, is a cloud-first business that reflects our culture and has had tremendous success in building a nationwide customer base. By bringing our two companies together, we will enhance our regional footprint in a location where we see vast opportunities for our expansion, while also combining our knowledge and services to pioneer the demands of the modern enterprise. It strengthens our position as the go-to IT partner for businesses who want the reliability of a national partner with the responsiveness of a local team."

John Levis, Managing Director, Adapt IT, said: "We are delighted to join the Ekco group, an Irish-founded business which is on an impressive growth trajectory. This will enable us to continue to deliver top-tier services to businesses, backed up by the skills and resources of a larger group. We are seeing that even smaller businesses are seeking enterprise-grade IT and cybersecurity solutions - Ekco's expertise will help us to meet this growing demand as the volume and complexity of cyber threats continues to rise."

See more stories here.

Tee Time - Der Golfpodcast
BMW International Open - Pro-Am Wednesday with insights from Luke Donald, Max Kieffer and Marcel Siem
Jul 2, 2025 | 17:36

Today Bernd and Zille report from the Pro-Am day in Eichenried. The BMW International Open has thus effectively started. Look forward to insights from Max Kieffer, Marcel Siem and Luke Donald.

DSI et des Hommes
Security through monitoring, with Frédéric Costa
Jun 26, 2025 | 57:49 | Transcription Available

In this episode, Frédéric Costa (LinkedIn) from Zero Trust explains why it is better to first monitor the whole attack surface before launching a full Zero Trust project. He details the key stages of a managed SOC (XDR/MDR), stresses the identification of "weak signals" and the setting up of a PDCA governance cycle, and shares his advice for helping SMEs gain maturity (enabling logs, deploying an EDR, continuous collaboration with expert analysts). Frédéric also recalls the importance of correctly configuring the basic building blocks (SIEM, EDR, NDR, Threat Intelligence) and of formalising shared security policies.

Where to find him?
  • LinkedIn: https://www.linkedin.com/in/fredericosta/
  • Zero Trust website: https://www.zerotrust.fr/

His recommendations:
  • ANSSI (reference framework and best practices): https://cyber.gouv.fr/
  • CNIL (rules on log retention): https://www.cnil.fr/

Sources cited in the episode:
  • Ponemon Institute, Cost of a Data Breach Report (2023)
  • Gartner, Market Guide for Endpoint Detection and Response (2023)
  • Forrester, Now Tech: Extended Detection and Response (2023)
  • IDC, Worldwide Endpoint Security Market Shares (2024)
  • SANS Institute, Modern SOC Architectures (2023)
  • NIST, Framework for Improving Critical Infrastructure Cybersecurity (2022)
  • IBM Security, Cost of a Data Breach Report – Europe (2023)
  • France Num, Baromètre PME 2023 (https://www.francenum.gouv.fr)

----------------------------------
DSI et des Hommes is a podcast hosted by Nicolas BARD, which explores how digital technology can be put at the service of people, and not the other way round. With the mission of making digital technology accessible to everyone, each episode dives into the experiences of leaders, entrepreneurs and experts to understand how digital transformation affects the way we lead, collaborate and evolve.

Subscribe to discover inspiring discussions and practical advice for navigating an ever more digital world.

Hosted by Ausha. Visit ausha.co/politique-de-confidentialite for more information.

Cloud Security Podcast by Google
EP231 Beyond the Buzzword: Practical Detection as Code in the Enterprise
Jun 23, 2025 | 30:40

Guest: David French, Staff Adoption Engineer, Google Cloud

Topics:
  • Detection as code is one of those meme phrases I hear a lot, but I'm not sure everyone means the same thing when they say it. Could you tell us what you mean by it, and what upside it has for organizations in your model of it?
  • What gets better for security teams and security outcomes when you start managing in a DAC world? What is primary, actual code or using SWE-style process for detection work?
  • Not every SIEM has a good set of APIs for this, right? What's a team to do in a world of no or low API support for this model?
  • If we're talking about as-code models, one of the important parts of regular software development is testing. How should teams think about testing their detection corpus? Where do we even start? Smoke tests? Unit tests?
  • You talk about a rule schema (you might also think of it in code terms as a standard interface on the detection objects); how should organizations think about standardizing this, and why should they?
  • If we're into a world of detection rules as code and detections as code, can we also think about alert handling via code? This is like SOAR but with more of a software engineering approach, right?
  • One more thing that stood out to me in your presentation was the call for sharing detection content. Is this between vendors, vendors and end users?

Resources:
  • Can We Have "Detection as Code"?
  • Testing in Detection Engineering (Part 8)
  • "So Good They Can't Ignore You: Why Skills Trump Passion in the Quest for Work You Love" book
  • EP202 Beyond Tiered SOCs: Detection as Code and the Rise of Response Engineering
  • EP181 Detection Engineering Deep Dive: From Career Paths to Scaling SOC Teams
  • EP123 The Good, the Bad, and the Epic of Threat Detection at Scale with Panther
  • Getting Started with Detection-as-Code and Google SecOps
  • Detection Engineering Demystified: Building Custom Detections for GitHub Enterprise
  • From soup to nuts: Building a Detection-as-Code pipeline
  • David French - Medium Blog
  • Detection Engineering Maturity Matrix

World Harvest Church
Pick Up Your Sword! || Jen Siem
Jun 23, 2025 | 51:32

Website: https://worldharvestusa.com/

Connect with World Harvest Church
  • Website: https://worldharvestusa.com/contact
  • Facebook: / WorldHarvestUSA.RL
  • Instagram: / worldharvestus

Additional Resources from World Harvest Church: https://worldharvestclasses.vhx.tv/products
Upcoming Events: https://worldharvestusa.com/events

AWS for Software Companies Podcast
Ep109: Sustaining Data Quality and Quantity: How Cribl is helping Customers Control Costs and Unlock Value
Jun 18, 2025 | 20:54

Cribl's Field CISO Ed Bailey discusses how customers can manage the quality and quantity of data by providing intelligent controls between data sources and destinations.

Topics include:
  • Cribl company name origin
  • Company helps organizations screen data to find valuable insights
  • Ed Bailey was Cribl's first customer back in 2018
  • Data growth of 25% yearly created seven-figure cost increases
  • CEOs and CIOs complained about explosive data storage costs
  • Users demanded more data while budgets remained constrained
  • Bailey discovered Cribl through a random Facebook advertisement
  • Cribl Stream sits between data sources and destinations
  • No new agents required, uses existing infrastructure connections
  • Reduced data growth from 28% to 8% within a year
  • Development cycles shortened from six weeks to two weeks
  • Bailey managed global security and telemetry data systems
  • Operated large Splunk instance across forty different countries
  • Team spent time collecting data instead of extracting value
  • Cribl provided consistent data control plane for operations
  • Smart engineers could focus on machine learning solutions
  • Migrated from terrible SIEM to better security platform
  • Data strategy should focus on business requirements first
  • Not all data has the same business value
  • Tier one: Critical data goes to expensive platforms
  • Tier two: Important data stored in cheaper lakes
  • Tier three: Compliance data in low-cost object storage
  • SIEM costs around one dollar per gigabyte stored
  • Data lakes cost twelve to eighteen cents per gigabyte
  • Object storage costs fractions of pennies per gigabyte
  • AWS partnership provides scalable infrastructure for rapid growth
  • EC2, EKS, and S3 are heavily utilized services
  • Cribl Search finds data directly in object storage
  • Avoids costly data movement for search and analysis

Participants: Edward Bailey – Field CISO, Cribl

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Paul's Security Weekly
Insider threats, migrating away from cloud, RSAC interviews with Cyera and Blumira - Rob Allen, Matthew Warner, Yotam Segev - ESW #411
Jun 16, 2025 | 79:04

Segment 1 - Interview with Rob Allen from Threatlocker
Segment 2 - Topic: Growing Trend - Edge Computing and Hybrid Cloud
Segment 3 - Interviews from RSAC 2025

Cyera
Cyera is the fastest-growing data security company in history, empowering companies to classify, secure, and manage their data, wherever it is, and leverage the power of the industry's first AI native, unified Data Security Platform. Yotam Segev, Cyera's CEO, sits down with CyberRisk TV at RSAC Conference 2025 to discuss Cyera's skyrocketing growth, its founding story and why an increasing number of Fortune 500 companies are partnering with Cyera, and the company's latest product release: Adaptive DLP, a new AI data loss prevention solution.

Recent Cyera News:
  • Cyera Breaks World Record as the Fastest-Growing Data Security Company in History
  • Data Security Leader Cyera Secures $300M in Series D Funding
  • Cyera Acquires Trail Security for $162M
  • Cyera Launches Data Incident Response Service
  • Cyera Appoints Renowned Tech Exec Frank Slootman to Board of Directors

This segment is sponsored by Cyera. Visit https://securityweekly.com/cyerarsac to learn more about them!

Blumira
In the evolving world of cybersecurity, the shift from a purely threat-centric mindset to a focus on operational excellence is no longer just a trend—it's a necessity. Matthew Warner, CEO and co-founder of Blumira, argues that this shift is particularly crucial for small and mid-sized businesses (SMBs) and the managed service providers (MSPs) that support them. Matthew believes that traditional SIEM and detection solutions have historically fallen short for these organizations, often due to their complexity, high cost, and steep learning curves. As a result, many SMBs have struggled to keep up with the sophistication of modern threats. Blumira was founded to change that.

Matthew's vision is rooted in democratizing security—making powerful, automated detection and response tools simple, affordable, and accessible for everyone, especially those who need them most. By designing platforms that prioritize operational excellence—efficiency, usability, and actionable intelligence—Blumira enables organizations to be proactive rather than reactive. During the conversation, Matthew will share insights into the latest technologies and trends transforming the cybersecurity space, and offer actionable guidance for IT decision-makers. He'll explore how shifting strategy from chasing every alert to building a solid, efficient operational foundation can lead to better outcomes and stronger protection in the long run.

  • Blumira Partners
  • Blumira Launches New M365 Threat Response Feature

Security should be accessible to everyone. At Blumira, we're building the future of detection and response — simple, smart, and built to empower the teams who need it most. Check out https://securityweekly.com/blumirarsac and take control of your security today.

Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-411

CISSP Cyber Training Podcast - CISSP Training Program
CCT 252: Logging and Monitoring Security Activities for the CISSP (Domain 7.2)

CISSP Cyber Training Podcast - CISSP Training Program

Play Episode Listen Later Jun 9, 2025 44:45 Transcription Available


Dive deep into the critical world of security logging and monitoring as we explore Domain 7.2 of the CISSP certification. This episode unpacks the strategic considerations behind effective logging practices that balance comprehensive visibility with practical resource management.

We begin with a thought-provoking look at Anthropic's new AI chatbot designed specifically for classified government environments. Could this be the beginning of something like Skynet? While AI offers tremendous capabilities for processing classified data, these developments raise important questions about reliability, oversight, and unintended consequences.

The heart of this episode focuses on building a robust logging and monitoring strategy. We examine the various types of logs you should consider—security logs, system logs, application logs, network logs, and database logs—while emphasizing the importance of starting small and focusing on critical systems. You'll learn why centralized logging through SIEM platforms has become the industry standard, and how to approach log retention policies that balance regulatory requirements with storage costs.

Active monitoring, passive monitoring, and the correlation of events each serve distinct security purposes. We explore how techniques like log sampling and clipping levels can help manage the overwhelming volume of data modern networks generate, while highlighting the risk of missing critical security events if these techniques aren't properly implemented.

Special attention is given to egress monitoring—watching what leaves your network—as a crucial but often overlooked security practice. Since attackers ultimately need to extract data from compromised systems, monitoring outbound traffic can catch breaches even when the initial compromise was missed.

The episode rounds out with discussions on emerging technologies transforming the security monitoring landscape: SOAR tools that automate security operations, the integration of AI and machine learning for threat detection, and the strategic use of threat intelligence to understand attacker methodologies through frameworks like the cyber kill chain.

Whether you're preparing for the CISSP exam or working to strengthen your organization's security monitoring capabilities, this episode provides both the conceptual understanding and practical considerations you need. Connect with us at CISSP Cyber Training for more resources to support your certification journey.

Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Risk, Governance, and Cyber Compliance
Optimizing SIEM Storage Costs: Effective Logging Strategies

Risk, Governance, and Cyber Compliance

Play Episode Listen Later Jun 6, 2025 3:28


Is storage really as cheap as people think? This episode delves into the true cost of storage in the context of Security Information and Event Management (SIEM) systems. We explore traditional logging practices and their impact on storage, especially with the rise of cloud computing and hybrid environments. The key focus is on identifying critical applications and underlying architectures to optimize logging processes, thus controlling operational costs without compromising security. Learn about the importance of strategic log triage and maintaining an efficient security posture in a complex IT landscape.

00:00 Introduction: Is Storage Really Cheap?
00:20 Understanding SIEM and Log Management
01:08 Strategies for Managing Operational Costs
01:46 Critical vs. Less Critical Systems
02:30 The Importance of a Triage Process
03:06 Conclusion: Balancing Cost and Security

Smoke 'Em If You Got 'Em Podcast
205. Brooke Siem on Medicating Unhappiness and SSRI Withdrawal

Smoke 'Em If You Got 'Em Podcast

Play Episode Listen Later Jun 5, 2025 24:25


This is a free preview of a paid episode. To hear more, visit smokeempodcast.substack.com

Brooke Siem is the author of the 2022 memoir, May Cause Side Effects, about the decade and a half she spent on anti-depressants (prescribed after her father died when she was 15) and what happened when she ditched them. Sarah is currently on anti-depressants, though she wonders whether she needs them. Nancy is not on SSRIs, though she was part of a gentle brigade who nudged Sarah to increase her dosage last year. This is a complicated knot! The ladies talk about over-medication, how cultural taboos migrate, and the problem with treating sadness, anger, frustration — very human emotions — with a pill.

Also discussed:
* Nancy suddenly cares about the Navy; Sarah questions this
* That time Brooke wore a foxy denim jumper
* "Chemical imbalance" is a hoodwink
* The "Come Out of the Dark Campaign" meant to eradicate depression stigma leads to an explosion of SSRI prescriptions
* SSRIs and orgasm
* The opiate epidemic tracks with the anti-depressant era
* "Chemical castration" didn't start with puberty blockers …
* 70s-80s Ritalin vogue
* Related: Does Ritalin suppress male growth?
* Hold up: a link between transitioning genders and SSRIs?
* Drinking and depression, a tangled saga
* "Headaches are caused by an Advil deficiency"
* Beware Wellbutrin
* Gothic SSRI withdrawal
* "I never boned a cabbie … that I'm aware of."
* That time Sarah went hypomanic …
* 1 in 4 American women are on anti-depressants
* The hormones and menopause of it all
* "Fuck you, person at Whole Foods!"
* Big Pharma / Big Food = same playbook, different expression
* "Do you bake with yeast?"
* WTF with Pol Pot?

Plus, boozy cupcakes, a coyote sighting, was Tom Cruise right about pharmaceuticals — and much more! This one's a banger! Listen to the whole shebang when you become a paid subscriber.

NachDenkSeiten – Die kritische Website
Only the Europeans can end the war in Ukraine now, but they also have to want to

NachDenkSeiten – Die kritische Website

Play Episode Listen Later Jun 4, 2025 13:11


After the second round of talks between the Ukrainian and Russian delegations in Istanbul, the demands of both sides are now on the table. It is good that they are finally talking to each other again. Hopes for an imminent ceasefire, let alone peace, are not warranted, however, since the positions of the two sides are miles apart. At the same time, it seems not at all

Cloud Security Podcast by Google
EP228 SIEM in 2025: Still Hard? Reimagining Detection at Cloud Scale and with More Pipelines

Cloud Security Podcast by Google

Play Episode Listen Later Jun 2, 2025 27:09


Guest: Alan Braithwaite, Co-founder and CTO @ RunReveal

Topics:
SIEM is hard, and many vendors have discovered this over the years. You need to get storage, security and integration complexity just right. You also need to be better than incumbents. How would you approach this now?
Decoupled SIEM vs SIEM/EDR/XDR combo. These point in opposite directions; which side do you think will win?
In a world where data volumes are exploding, especially in cloud environments, you're building a SIEM with ClickHouse as its backend, focusing on both parsed and raw logs. What's the core advantage of this approach, and how does it address the limitations of traditional SIEMs in handling scale?
Cribl, Bindplane and "security pipeline vendors" are all the rage. Wouldn't it be logical to just include this in a modern SIEM?
You're envisioning a 'Pipeline QL' that compiles to SQL, enabling 'detection in SQL.' This sounds like a significant shift, and perhaps not for the better? (Anton is horrified, for once.) How does this approach affect detection engineering?
With Sigma HQ support out of the box, and the ability to convert SPL to Sigma, you're clearly aiming for interoperability. How crucial is this approach in your vision, and how do you see it benefiting the security community?
What is SIEM in 2025 and beyond? What's the endgame for security telemetry data? Is this truly SIEM 3.0, 4.0 or whatever-oh?

Resources:
EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective
EP123 The Good, the Bad, and the Epic of Threat Detection at Scale with Panther
EP190 Unraveling the Security Data Fabric: Need, Benefits, and Futures
"20 Years of SIEM: Celebrating My Dubious Anniversary" blog
"RSA 2025: AI's Promise vs. Security's Past — A Reality Check" blog
tl;dr security newsletter
Introducing a RunReveal Model Context Protocol Server!
MCP: Building Your SecOps AI Ecosystem
AI Runbooks for Google SecOps: Security Operations with Model Context Protocol

Crying Out Cloud
AI-powered Security, Shared Fate, and an Archery Lesson with Dr. Anton Chuvakin

Crying Out Cloud

Play Episode Listen Later May 29, 2025 25:39


Human-Centered Security
XDR, EDR, SIEM, SOAR…Snooze: Cybersecurity Marketing Real Talk with Gianna Whitver

Human-Centered Security

Play Episode Listen Later May 29, 2025 34:09


You're a founder with a great cybersecurity product—but no one knows or cares. Or you're a marketer drowning in jargon (hey, customers hate acronyms, too), trying to figure out what works and what doesn't. Gianna Whitver, co-founder of the Cybersecurity Marketing Society, breaks down what the cybersecurity industry is getting wrong—and right—about marketing.

In this episode, we talk about:
Cyber marketing is hard (but you knew that already). It requires deep product knowledge, empathy for stressed buyers, and clear, no-FUD messaging.
Building authentic, value-driven communities leads to stronger cybersecurity marketing impact.
Don't copy the marketing strategies of big enterprises. Instead, focus on clarity, founder stories, and product-market fit.
Founder-led marketing works. Early-stage founders can break through noise by sharing personal stories.
Think twice before listening to the advice of "influencer" marketers. This advice is often overly generic. Or, you're following the advice of marketers marketing to marketers (try saying that ten times fast). In other words, their advice is probably not going to apply to cybersecurity.

Gianna Whitver is the co-founder and CEO of the Cybersecurity Marketing Society, a community for marketers in cybersecurity to connect and share insights. She is also co-host of the Breaking Through in Cybersecurity Marketing podcast, and founder of LeaseHoney, a place for beekeepers to find land.

Cyber Briefing
May 28, 2025 - Cyber Briefing

Cyber Briefing

Play Episode Listen Later May 28, 2025 10:00


If you like what you hear, please subscribe, leave us a review and tell a friend!

@BEERISAC: CPS/ICS Security Podcast Playlist
How to build a SIEM SOC in OT? | OT Security Made Simple

@BEERISAC: CPS/ICS Security Podcast Playlist

Play Episode Listen Later May 25, 2025 18:59


Podcast: OT Security Made Simple
Episode: How to build a SIEM SOC in OT? | OT Security Made Simple
Pub date: 2025-05-22

Zeek Muratovic, Director of Security Operations at Landis+Gyr, talks about the first steps to build a SIEM SOC in OT environments. Being a pragmatist, he proposes a step-by-step approach that prevents OT operators from overkilling their budget AND workload.

FC Afkicken
15 May 2011: The day of the third star for Ajax | FCA Daily | S07E123

FC Afkicken

Play Episode Listen Later May 18, 2025 9:19


15 May 2011. After seven long years without a title, Ajax is on the verge of becoming champion of the Netherlands again. The opponent? FC Twente. The reigning champion. The direct rival. A week earlier, the cup final had been lost to that same FC Twente. All or nothing.

The Arena breathes tension. Young and old, tense faces, clammy hands. An atmosphere like never before in the Arena. Ajax must win to finish above Twente. And amid all of it, suddenly there stands a 23-year-old defender wearing number 3: Gregory van der Wiel.

From the first whistle, Ajax makes it clear: this is their day. Carried by the fans, driven by emotion. And then: Siem de Jong. Minute 23. 1-0. The spell is broken.

Twente struggles, but Ajax is merciless. In the second half, Landzaat heads it into his own top corner. 2-0. The Arena thunders.

Twente comes back to 2-1, but it is too late. Ajax holds on. And Siem de Jong cashes in on his hero status. 3-1. The decider. The final whistle sounds. Chaos. Relief. Tears.

It is not just any title. It is the first under Frank de Boer. A team built on its own youth (Vertonghen, Eriksen, Van der Wiel, De Jong) returns to the throne. It feels like coming home. The Arena, for years the backdrop of frustration, becomes a temple of liberation that afternoon. Seven years without a championship end here, on this fifteenth of May.

15-5-11: the day Ajax rediscovered itself.

In the podcast, Bart and Mart refer to:
The match highlights: https://www.youtube.com/watch?v=CKSzLgfBYcU&ab_channel=AFCAjax
Ajax coming out for the warm-up: https://www.youtube.com/watch?v=VDOooyWY_jY&ab_channel=ESPNNL
Maarten Stekelenburg drops the trophy from the bus: https://www.youtube.com/watch?v=i57okGcD7fc&ab_channel=nickvanVolen

See the privacy policy at https://art19.com/privacy and the California privacy notice at https://art19.com/privacy#do-not-sell-my-info.

ITSPmagazine | Technology. Cybersecurity. Society
From Tools to Trust: Why Integration Beats Innovation Hype in Cybersecurity | A Brand Story with Vivin Sathyan from ManageEngine | An On Location RSAC Conference 2025 Brand Story

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later May 7, 2025 20:05


Organizations are demanding more from their IT management platforms—not just toolsets, but tailored systems that meet specific business and security objectives. Vivin Sathyan, Senior Technology Evangelist at ManageEngine, shares how the company is responding with an integrated approach that connects IT, security, and business outcomes.

ManageEngine, a division of Zoho Corporation, now offers a suite of over 60 products that span identity and access management, SIEM, endpoint protection, service management, and analytics. These components don't just coexist—they interact contextually. Vivin outlines a real-world example from the healthcare sector, where a SIEM tool detects abnormal login behavior, triggers an identity system to challenge access, and then logs the incident for IT service resolution. This integrated chain reflects a philosophy where response is not just fast, but connected and accountable.

At the heart of the platform's effectiveness is contextual intelligence—layered between artificial intelligence and business insights—to power decision-making that aligns with enterprise risk and compliance needs. Whether it's SOC analysts triaging events, CIS admins handling system hygiene, or CISOs aligning actions with corporate goals, the tools are tailored to fit roles, not just generic functions. According to Vivin, this role-based approach is critical to eliminating silos and ensuring teams speak the same operational and risk language.

AI continues to play a role in enhancing that coordination, but ManageEngine is cautious not to follow hype for its own sake. The company has invested in its own AI and ML capabilities since 2012, and recently launched an agent studio—but only after evaluating how new models can meaningfully add value. Vivin points out that enterprise use cases often benefit more from small, purpose-built language models than from massive general-purpose ones.

Perhaps most compelling is ManageEngine's global-first strategy. With operations in nearly 190 countries and 18+ of its own data centers, the company prioritizes proximity to customers—not just for technical support, but for cultural understanding and local compliance. That closeness informs both product design and customer trust, especially as regulations around data sovereignty intensify.

This episode challenges listeners to consider whether their tools are merely present—or actually connected. Are you enabling collaboration through context, or just stitching systems together and calling it a platform?

Learn more about ManageEngine: https://itspm.ag/manageen-631623
Note: This story contains promotional content.
Guest: Vivin Sathyan, Senior Technology Evangelist, ManageEngine | https://www.linkedin.com/in/vivin-sathyan/

Resources
Learn more and catch more stories from ManageEngine: https://www.itspmagazine.com/directory/manageengine
Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

Keywords: sean martin, vivin sathyan, cybersecurity, ai, siem, identity, analytics, integration, platform, risk, brand story, brand marketing, marketing podcast, brand story podcast

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Cloud Security Podcast by Google
EP223 AI Addressable, Not AI Solvable: Reflections from RSA 2025

Cloud Security Podcast by Google

Play Episode Listen Later May 5, 2025 31:37


Guests: no guests, just us in the studio

Topics:
At RSA 2025, did we see solid, measurably better outcomes from AI use in security, or mostly just "sizzle" and good ideas with potential?
Are the promises of an "AI SOC" repeating the mistakes seen with SOAR in previous years regarding fully automated security operations? Does "AI SOC" work according to the RSA floor?
How realistic is the vision expressed by some [yes, really!] that AI progress could lead to technical teams, including IT and security, shrinking dramatically or even to zero in a few years?
Why do companies continue to rely on decades-old or "non-leading" security technologies, and what role does the concept of an "organizational change budget" play in this inertia?
Is being "AI Native" fundamentally better for security technologies compared to adding AI capabilities to existing platforms, or is the jury still out? Got "an AI-native SIEM"? Be ready to explain how yours is better!

Resources:
EP172 RSA 2024: Separating AI Signal from Noise, SecOps Evolves, XDR Declines?
EP119 RSA 2023 - What We Saw, What We Learned, and What We're Excited About
EP70 Special - RSA 2022 Reflections - Securing the Past vs Securing the Future
RSA ("RSAI") Conference 2024 Powered by AI with AI on Top — AI Edition (Hey AI, Is This Enough AI?) [Anton's RSA 2024 recap blog]
New Paper: "Future of the SOC: Evolution or Optimization — Choose Your Path" (Paper 4 of 4.5) [talks about the change budget discussed]

ITSPmagazine | Technology. Cybersecurity. Society
From Overwhelmed to Informed: The Future of Threat Detection Isn't Just Faster—It's Strategic | A Brand Story with Hugh Njemanze from Anomali | An On Location RSAC Conference 2025 Brand Story

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Apr 30, 2025 21:09


In this On Location Brand Story episode, Sean Martin speaks with Hugh Njemanze, Founder and CEO of Anomali, who has been at the center of cybersecurity operations since the early days of SIEM. Known for his prior work at ArcSight and now leading Anomali, Hugh shares what's driving a dramatic shift in how security teams access, analyze, and act on data.

Anomali's latest offering—a native cloud-based next-generation SIEM—goes beyond traditional detection. It combines high-performance threat intelligence with agentic AI to deliver answers and take action in ways that legacy platforms simply cannot. Rather than querying data manually or relying on slow pipelines, the system dynamically spins up thousands of cloud resources to answer complex security questions in seconds.

Agentic AI Meets Threat Intelligence
Hugh walks through how agentic AI, purpose-built for security, breaks new ground. Unlike general-purpose models, Anomali's AI operates within a secure, bounded dataset tailored to the customer's environment. It can ingest a hundred-page threat briefing, extract references to actors and tactics, map those to the MITRE ATT&CK framework, and assess the organization's specific exposure—all in moments. Then it goes a step further: evaluating past events, checking defenses, and recommending mitigations. This isn't just contextual awareness—it's operational intelligence at speed and scale.

Making Security More Human-Centric
One clear theme emerges: the democratization of security tools. With Anomali's design, teams no longer need to rely on a few highly trained specialists. Broader teams can engage directly with the platform, reducing burnout and turnover, and increasing organizational resilience. Managers and security leaders can now shift focus to prioritization, strategic decision-making, and meaningful business conversations—like aligning defenses to M&A activity or reporting to the board with clarity on risk.

Real-World Results and Risk Insights
Customers are already seeing measurable benefits: an 88% reduction in incidents and an increase in team-wide tool adoption. Anomali's system doesn't just detect—it correlates attack surface data with threat activity to highlight what's both vulnerable and actively targeted. This enables targeted response, cost-effective scaling, and better use of resources.

Learn more about Anomali: https://itspm.ag/anomali-bdz393
Note: This story contains promotional content.
Guest: Hugh Njemanze, Founder and President at Anomali | https://www.linkedin.com/in/hugh-njemanze-603721/

Resources
Learn more and catch more stories from Anomali: https://www.itspmagazine.com/directory/anomali
Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

Keywords: sean martin, hugh njemanze, siem, cybersecurity, ai, threat intelligence, agentic ai, risk management, soc, cloud security, brand story, brand marketing, marketing podcast, brand story podcast

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Thursday, April 24th: Honeypot iptables Maintenance; XRPL.js Compromise; Erlang/OTP SSH Vuln affecting Cisco

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later Apr 24, 2025 5:44


Honeypot Iptables Maintenance and DShield-SIEM Logging
In this diary, Jesse talks about some of the tasks needed to maintain a honeypot, like keeping Filebeat up to date and adjusting configurations in case your dynamic IP address changes.
https://isc.sans.edu/diary/Honeypot%20Iptables%20Maintenance%20and%20DShield-SIEM%20Logging/31876

XRPL.js Compromised
An unknown actor was able to push malicious updates of the XRPL.js library to NPM. The library is officially recommended for writing Ripple (XRP) cryptocurrency code. The malicious library exfiltrated secret keys to the attacker.
https://www.aikido.dev/blog/xrp-supplychain-attack-official-npm-package-infected-with-crypto-stealing-backdoor
https://github.com/XRPLF/xrpl.js/security/advisories/GHSA-33qr-m49q-rxfx

Cisco Equipment Affected by Erlang/OTP SSH Vulnerability
Cisco published an advisory explaining which of its products are affected by the critical Erlang/OTP SSH library vulnerability.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy

The I.T. Career Podcast
91: Helping Cybersecurity Pros Land Dream Jobs - With Kenneth Ellington

Apr 22, 2025 · 38:11


Want to land a cybersecurity job? Start with hands-on training from TryHackMe: https://tryhackme.com/why-subscribe?utm_source=youtube&utm_medium=social&utm_campaign=dakota_21april

In this episode, I sit down with Kenneth Ellington, cybersecurity instructor and founder of Ellington Cyber Academy, to break down how to build a high-paying career in cybersecurity—no matter your background.

We talk about:
✅ How to break into cybersecurity without a degree
✅ The fastest way to build real-world skills (SIEM, SOAR & more)
✅ Why so many people get stuck in helpdesk and how to move forward
✅ What hiring managers are really looking for
✅ Strategies to land interviews and stand out from other applicants

Whether you're brand new to tech or ready to level up, this interview will give you the roadmap and mindset you need to succeed in today's cybersecurity job market.

The Tea on Cybersecurity
Cybersecurity Lingo Explained: vCISO, PII, and More

Apr 21, 2025 · 23:56


Cybersecurity lingo can be overwhelming, but once you get the hang of the essentials, staying secure becomes much easier.

In this episode, host Jara Rowe sits down with Marie Joseph, Senior Security Advisor at Trava, to break down key terms like vCISO, PII, and cybersecurity maturity models. They also differentiate between terms like hacker vs. threat actor and firewall vs. antivirus by highlighting the nuances that matter most. Plus, Marie reveals why continuous compliance is crucial, and how concepts like attack surface and risk tolerance fit into the bigger picture of your security strategy.

Key takeaways:
Essential cybersecurity terms and definitions: vCISO, PII, and more
The importance of understanding and managing your attack surface
Why cybersecurity compliance can't be a one-time effort

Episode highlights:
(00:00) Today's topic: Understanding cybersecurity terms
(01:47) What is a vCISO, and why it benefits small businesses
(02:54) Definition of PII, BCP, SIEM, DevSecOps, and BCRA
(08:40) Hackers vs. threat actors explained
(10:28) Why businesses need an antivirus and a firewall
(13:37) Patch management and cybersecurity attack surfaces
(16:04) Continuous cybersecurity compliance
(21:27) Recapping cybersecurity essentials

Connect with the host:
Jara Rowe's LinkedIn - @jararowe

Connect with the guest:
Marie Joseph's LinkedIn - @marie-joseph-a81394143

Connect with Trava:
Website - www.travasecurity.com
Blog - www.travasecurity.com/learn-with-trava/blog
LinkedIn - @travasecurity
YouTube - @travasecurity

Paul's Security Weekly
What is old is new again: default deny on the endpoint - Colby DeRodeff, Danny Jenkins - ESW #402

Apr 14, 2025 · 123:21


Default deny is an old, and very recognizable, term in security. Most folks who have been in the industry for a long time will associate the concept with firewall rules. The old network firewalls, positioned between the public Internet and private data centers, however, were relatively uncomplicated and static. Most businesses had a few hundred firewall rules at most. Implementing default deny principles elsewhere was attempted, but without much success. Internal networks (NAC) and endpoints (application control 1.0) were too dynamic for the default deny approach to be feasible. Vendors built solutions, and enterprises tried to implement them, but most gave up. Default deny is still an ideal approach to protecting assets and data against attacks - what it needed was a better approach, one that could be implemented at scale, with less overhead. This is what we'll be talking to ThreatLocker's CEO and co-founder, Danny Jenkins, about on this episode. They seem to have cracked the code here and are eager to share how they did it. This segment is sponsored by ThreatLocker. Visit https://www.securityweekly.com/threatlocker to learn more about them!

We wanted security data? We got it! Now, what the heck do we DO with all of it? The core challenge of security operations, incident response, and even compliance is still a data management and analysis problem. Which is why we're seeing companies like Abstract Security pop up to address some of these challenges. Abstract just released a comprehensive eBook on security data strategy, linked below, and you don't even need to give up an email address to read it! In this interview, we'll talk through some of the highlights:
Challenges
Myths
Pillars of a data security strategy
Understanding the tools available
Segment Resources: A Leader's Guide to Security Data Strategy eBook

In the enterprise security news:
new startup funding
what happened to the cybersecurity skills shortage?
tools for playing with local GenAI models
CVE assignment drama
a SIEM-agnostic approach to detection engineering
pitch for charity
a lost dog that doesn't want to be found
All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-402

TrustedSec Security Podcast
7.14 - SOC Market: Trends in Threat Detection

Apr 14, 2025 · 43:13


In this episode of Security Noise, Geoff and Skyler talk with IR Practice Lead Carlos Perez and Security Consultant Zach Bevilacqua about the world of security operations. They discuss current trends, the role of AI, challenges with traditional SIEM tools, and the value of proper logging and monitoring configurations. How important are proactive measures and effective communication within SOC teams? Find out what our team has to say on this episode of Security Noise!

About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the infosec topics that interest them the most. Hack the planet! Find more cybersecurity resources on our website at https://trustedsec.com/resources.

Paul's Security Weekly TV
I SIEM, you SIEM, we all SIEM for a Data Security Strategy - Colby DeRodeff - ESW #402

Apr 14, 2025 · 35:43


We wanted security data? We got it! Now, what the heck do we DO with all of it? The core challenge of security operations, incident response, and even compliance is still a data management and analysis problem. Which is why we're seeing companies like Abstract Security pop up to address some of these challenges. Abstract just released a comprehensive eBook on security data strategy, linked below, and you don't even need to give up an email address to read it! In this interview, we'll talk through some of the highlights:
Challenges
Myths
Pillars of a data security strategy
Understanding the tools available
Segment Resources: A Leader's Guide to Security Data Strategy eBook
Show Notes: https://securityweekly.com/esw-402

Paul's Security Weekly TV
The rise of MSSPs, CVE drama, Detection Engineering How-To & Doggie Survival Skills - ESW #402

Apr 14, 2025 · 51:20


In the enterprise security news:
new startup funding
what happened to the cybersecurity skills shortage?
tools for playing with local GenAI models
CVE assignment drama
a SIEM-agnostic approach to detection engineering
pitch for charity
a lost dog that doesn't want to be found
All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-402

The Blueprint
Ep. 104 Brooke Siem, Author May Cause Side Effects

Apr 8, 2025 · 54:14


Author of “May Cause Side Effects” | Chef | Advocate for Informed Mental Health Decisions

In this deeply moving and insightful episode, Jason sits down with Brooke Siem — award-winning chef, writer, and mental health advocate — for an honest conversation about resilience, antidepressant withdrawal, creative expression, and living life with full presence. Brooke shares her powerful story, from early childhood loss to her journey through psychiatric medication and severe withdrawal. She opens up about how the kitchen taught her resilience, how her creativity returned when she came off medications, and why she believes happiness is not just a feeling — it's a skill. Together, they explore the power of curiosity, emotional resilience, and finding meaning through life's toughest moments. This episode is a must-listen for anyone questioning conventional paths to healing, curious about the reality of psychiatric medications, or seeking inspiration to trust their own inner compass.

What You'll Learn:
Brooke's personal experience with antidepressant medications and the harsh realities of withdrawal
The impact of childhood grief and how it shaped her early path
How working in high-pressure kitchens taught her to embrace presence and adaptability
Why curiosity is crucial for healing and growth
The truth about the "chemical imbalance" theory of depression
How art and painting became therapeutic outlets during her recovery
Practical steps for cultivating nervous system regulation and resilience
Why Brooke believes that happiness is a learned skill
The conversation around parenting, medicating children, and systemic challenges
Insights into Brooke's creative process, both as an author and a painter

Guest Bio: Brooke Siem is an award-winning chef, writer, and mental health advocate. She is the author of May Cause Side Effects, a memoir about antidepressant withdrawal and healing. When she's not cooking for pro athletes, you'll find her painting, writing, and speaking about the importance of informed consent in mental health treatment.

Paul's Security Weekly
Setting up your SIEM for success - Pitfalls to preclude and tips to take - Geoff Cairns, Neil Desai - ESW #400

Mar 31, 2025 · 118:15


A successful SIEM deployment depends on a lot more than implementing the SIEM correctly. So many other things in your environment have an impact on your chances of a successful SIEM. Are the right logs enabled? Is your EDR working correctly? Would you notice a sudden increase or decrease in events from critical sources? What can practitioners do to ensure the success of their SIEM deployment? This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about them!

In this interview, we feature some research from Geoff Cairns, an analyst at Forrester Research. This is a preview of the talk he'll be giving at Identiverse 2025 in a few months. We won't have time to cover all the trends, but there are several here that I'm excited to discuss!
Deepfake Detection Difficult
Zero Trust
Agentic AI
Phishing resistant MFA adoption
Identity Verification
Machine Identity
Decentralized Identity
Post Quantum
Shared Signals
Segment Resources: The Top Trends Shaping Identity And Access Management In 2025 (Forrester subscription required)

In this week's enterprise security news:
Big funding for Island
Is DLP finally getting disrupted? By something that works?
We learn all about Model Context Protocol servers
Integrating SSO and SSH!
Do we have too many cybersecurity regulations?
Toxic cybersecurity workplaces
Napster makes a comeback
This week, we've got 50% less AI and 50% more co-hosts
All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-400

Telecom Reseller
From MSP to Cybersecurity Powerhouse: How Seceon is Enabling Partners to Deliver Enterprise-Grade Security at Scale, Podcast

Mar 31, 2025


Podcast with Chandra Pandey, Founder & CEO, Seceon – recorded at MSP Summit, Channel Partners 2025

At the 2025 MSP Summit in Las Vegas, Seceon founder and CEO Chandra Pandey shared how his company is reshaping cybersecurity delivery for MSPs and MSSPs. Speaking with Doug Green, publisher of Technology Reseller News, Pandey outlined a powerful vision: giving MSPs the tools to provide better-than-enterprise-grade security at a price point even the smallest customers can afford.

“Threat actors don't care which vendor you use—they know how to get around siloed tools. You need a platform that works in real time, across all telemetry, with built-in remediation.”

Founded over a decade ago, Seceon was built from the ground up as a cybersecurity platform, not a patchwork of point solutions. The result is a fully integrated stack that ingests application, network, and endpoint telemetry in real time, correlates context with global threat intelligence, and automatically neutralizes threats—through auto-remediation or actionable, guided response. Pandey emphasized Seceon's multi-tenant, multi-tiered architecture, designed specifically to empower MSPs to deliver advanced protection with minimal overhead. For MSPs, that means onboarding hundreds of customers quickly and cost-effectively, while building long-term stickiness and recurring revenue.

A featured case study discussed during the podcast tells the story of a mid-sized MSP that suffered a significant breach while using conventional SIEM and EDR tools. After transitioning to Seceon, the company not only secured its infrastructure, but transformed its business—growing revenue by triple digits and achieving 60%+ margins by reselling advanced cyber services through Seceon's platform.

“It's not just margin for profit—it's margin to invest in people, deliver better service, and grow. That's the power of platform-based cybersecurity.”

Pandey's message to the channel at MSP Summit was clear: cybersecurity is no longer a luxury reserved for the enterprise. With Seceon, MSPs can deliver superior protection to SMBs and SMEs—and thrive doing it.

Learn more: www.seceon.com

Cloud Security Podcast
Detection Engineering with Google Cloud

Mar 20, 2025 · 42:31


Detection rules aren't just for fun—they're critical for securing cloud environments. But are you using them the right way? In this episode, Ashish Rajan sits down with David French, Staff Adoption Engineer for Security at Google Cloud, to break down how organizations can scale Detection as Code across AWS, Azure, and Google Cloud.
Why prevention isn't enough—and how detection fills the gap
The biggest mistakes in detection rules that could blow up your SOC
How to scale detections across hundreds (or thousands) of cloud accounts
The ROI of Detection as Code—why security leaders should care
Common low-hanging fruit detections every cloud security team should implement

David has spent over a decade working in detection engineering, threat hunting, and building SIEM & EDR products. He shares real-world insights on how companies can improve their detection strategies and avoid costly security missteps.

Guest Socials: David's LinkedIn
Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast - Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp

If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast

Questions asked:
(00:00) Introduction
(03:06) What is Detection as Code?
(03:41) What was before Detection as Code?
(05:36) Business ROI for doing Detection as Code?
(07:49) Building Security Operations in Google Cloud
(12:41) Threat Detection for different types of workload
(14:54) What is Google SecOps?
(20:36) Different kinds of Detection people can create
(24:46) Scaling Detection across many Google Cloud accounts
(28:47) The role of Data Pipeline in Detection
(31:44) Detections people can start with
(34:14) Stages of maturity for detection
(36:43) Skillsets for Detection Engineering
(39:32) The Fun Section

ITSPmagazine | Technology. Cybersecurity. Society
Detection vs. Noise: What MITRE ATT&CK Evaluations Reveal About Your Security Tools | A Conversation with Allie Mellen | Redefining CyberSecurity with Sean Martin

Mar 17, 2025 · 36:06


⬥GUEST⬥
Allie Mellen, Principal Analyst, Forrester | On LinkedIn: https://www.linkedin.com/in/hackerxbella/

⬥HOST⬥
Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

⬥EPISODE NOTES⬥
In this episode, Allie Mellen, Principal Analyst on the Security and Risk Team at Forrester, joins Sean Martin to discuss the latest results from the MITRE Engenuity ATT&CK Evaluations and what they reveal about detection and response technologies.

The Role of MITRE ATT&CK Evaluations
MITRE ATT&CK is a widely adopted framework that maps out the tactics, techniques, and procedures (TTPs) used by threat actors. Security vendors use it to improve detection capabilities, and organizations rely on it to assess their security posture. The MITRE Engenuity Evaluations test how different security tools detect and respond to simulated attacks, helping organizations understand their strengths and gaps.

Mellen emphasizes that MITRE's evaluations do not assign scores or rank vendors, which allows security leaders to focus on analyzing performance rather than chasing a “winner.” Instead, organizations must assess raw data to determine how well a tool aligns with their needs.

Alert Volume and the Cost of Security Data
One key insight from this year's evaluation is the significant variation in alert volume among vendors. Some solutions generate thousands of alerts for a single attack scenario, while others consolidate related activity into just a handful of actionable incidents. Mellen notes that excessive alerting contributes to analyst burnout and operational inefficiencies, making alert volume a critical metric to assess.

Forrester's analysis includes a cost calculator that estimates the financial impact of alert ingestion into a SIEM. The results highlight how certain vendors create a massive data burden, leading to increased costs for organizations trying to balance security effectiveness with budget constraints.

The Shift Toward Detection and Response Engineering
Mellen stresses the importance of detection engineering, where security teams take a structured approach to developing and maintaining high-quality detection rules. Instead of passively consuming vendor-generated alerts, teams must actively refine and tune detections to align with real threats while minimizing noise.

Detection and response should also be tightly integrated. Forrester's research advocates linking every detection to a corresponding response playbook. By automating these processes through security orchestration, automation, and response (SOAR) solutions, teams can accelerate investigations and reduce manual workloads.

Vendor Claims and the Reality of Security Tools
While many vendors promote their performance in the MITRE ATT&CK Evaluations, Mellen cautions against taking marketing claims at face value. Organizations should review MITRE's raw evaluation data, including screenshots and alert details, to get an unbiased view of how a tool operates in practice.

For security leaders, these evaluations offer an opportunity to reassess their detection strategy, optimize alert management, and ensure their investments in security tools align with operational needs.

For a deeper dive into these insights, including discussions on AI-driven correlation, alert fatigue, and security team efficiency, listen to the full episode.

⬥SPONSORS⬥
LevelBlue: https://itspm.ag/attcybersecurity-3jdk3
ThreatLocker: https://itspm.ag/threatlocker-r974

⬥RESOURCES⬥
Inspiring Post: https://www.linkedin.com/posts/hackerxbella_go-beyond-the-mitre-attck-evaluation-to-activity-7295460112935075845-N8GW/
Blog | Go Beyond The MITRE ATT&CK Evaluation To The True Cost Of Alert Volumes: https://www.forrester.com/blogs/go-beyond-the-mitre-attck-evaluation-to-the-true-cost-of-alert-volumes/

⬥ADDITIONAL INFORMATION⬥
✨ More Redefining CyberSecurity Podcast: 

Smashing Security
History's biggest heist just happened, and online abuse

Feb 27, 2025 · 32:48


We explore how the cryptocurrency exchange Bybit has been hacked to the jaw-dropping tune of $1.5 billion, and we look at what is being done to better defend women and girls' safety online.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:
Incident Update: Unauthorized Activity Involving ETH Cold Wallet - Bybit.
Bybit Launches Recovery Bounty Program with Rewards up to 10% of Stolen Funds - Bybit.
ZachXBT links Bybit hack to Lazarus Group - Twitter.
Online Safety Act: explainer - GOV.UK.
These Are The 10 Most Complained-About TV Moments In Ofcom's History - Ofcom.
Ofcom to push for better age verification, filters and 40 other checks in new online child safety code - TechCrunch.
UK's internet watchdog toughens approach to deepfake porn - TechCrunch.
Girlguiding research exposes alarming online harms facing girls - Charity Today News.
Ofcom's approach to implementing the Online Safety Act - Ofcom.
Women's abuse online: 'I get trolled every second, every day' - BBC.
Amanda's funniest moments in Motherland - YouTube.
Amandaland - BBC iPlayer.
Cassandra Sci-Fi Thriller limited series - Netflix.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:
1Password – Secure every app, device, and identity – even the unmanaged ones at 1password.com/smashing.
Scanner.dev provides a new technology offering fast search and threat detections for security data in S3, helping teams reduce the total cost of ownership of their SIEM by up to 90%. Try the interactive...

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Feb 14th 2025: DShield Honeypot SIEM; PAN OS Auth Bypass; Salt Typhoon vs. Cisco; Crowdstrike Patch

Feb 14, 2025 · 6:02


DShield SIEM Docker Updates
Interested in learning more about the attacks hitting your honeypot? Guy assembled a neat SIEM to create dashboards summarizing the attacks.
https://isc.sans.edu/diary/DShield%20SIEM%20Docker%20Updates/31680

PAN-OS Path Confusion Auth Bypass
Palo Alto Networks fixed a path confusion vulnerability introduced by the overly complex middle box chain in PAN-OS.
https://slcyber.io/blog/nginx-apache-path-confusion-to-auth-bypass-in-pan-os/
https://www.theregister.com/2025/02/13/palo_alto_firewall/

China's Volt Typhoon Continues to use Cisco Vulns
Recorded Future wrote up some recent attacks of the Red Mike / Volt Typhoon groups going after telecom providers by compromising Cisco systems via an older vulnerability.
https://www.wired.com/story/chinas-salt-typhoon-spies-are-still-hacking-telecoms-now-by-exploiting-cisco-routers/

Crowdstrike Patches Linux Client
https://www.crowdstrike.com/security-advisories/cve-2025-1146/